E-commerce stores should consider data protection and privacy

Are you processing personal data through your website in order to faciliate commerce? In simpler terms, are you asking customers to provide information about themselves through your website, app, or email addess, followed by using that information in order to carry out your business?

Of key interest to online retail store owners would be the last question about accounts and financial records, and the ICO provides guidance on this in the self-assessment:

You should answer ‘Yes’ if you:

only process information necessary for undertaking and managing transactions with your suppliers and customers; and

only share the information with people and organisations necessary to do this. Important – if individuals give you permission to share their information, this is also allowed; and

keep the information while you have a relationship with the supplier or customer it refers to or as long as necessary for your accounts and financial records.

So as long as you are doing just the above, this should be sufficient, but in case of any doubt, seek legal assistance. Just as well, the other aspects of the assessment must be met properly regarding communications (advertising, marketing, and public relations). It may be prudent to register with the ICO voluntarily, which can indeed be considered to be a mark of integrity and credibility with customers who can have confidence their personal data is used in accordance with the law. Don’t forget to secure your data, too.